CVE-2026-14890
CVE-2026-14890
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SGLang uses an expert-parallel backup subsystem that exposes a ZeroMQ PULL socket on a routable network interface that does not contain authentication or deserialization safeguards, allowing an attacker to provide a malicious pickle file that results in unauthenticated remote code execution when the feature is enabled and the service is reachable over the network.
| Vendor | sglang |
| Product | sglang |
| Published | Jul 16, 2026 |
| Last Updated | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for sglang sglang
Be the first to know when new unknown vulnerabilities affecting sglang sglang are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
SGLang / SGLang
0 โค 0.5.14